package com.diligent.cloud.sfc.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

@EnableResourceServer
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@Configuration
public class SfcResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Value("${oauth.check-token}")
    private String oauth_check_token;

    @Value("${oauth.clientId}")
    private String clientId;

    @Value("${oauth.clientSecret}")
    private String clientSecret;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //.antMatchers("/sfc/**").permitAll()
                .antMatchers(HttpMethod.POST, "/sfc/dps").permitAll()
                .antMatchers("/sfc/mat-image/**").permitAll()
                .antMatchers("/sfc/usable-md/filter").permitAll()
                .antMatchers("/sfc/usable-as/filter").permitAll()
                .antMatchers("/sfc/mfg-mach-stop-code").permitAll()
                .antMatchers("/**/filter").permitAll()
                .antMatchers(HttpMethod.GET, "/sfc/transport/**").permitAll()
                .antMatchers("/sfc/actions").permitAll()
                .antMatchers("/sfc/wo-order/actions").permitAll()
                .antMatchers("/sfc/actions/**").permitAll()
                .antMatchers("/sfc/capp-mach-runtime-params/**").permitAll()
                .antMatchers("/sfc/capp-mach-event/**").permitAll()
                .antMatchers("/sfc-inventory/mat").permitAll()
//                .antMatchers("/sfc/inbox/**").permitAll()
                .antMatchers("/sfc/wo-order/**").permitAll()
                .antMatchers("/sfc-surface-treatment/actions/**").permitAll()
                .antMatchers("/sfc-surface-treatment/actions").permitAll()
                .antMatchers("/sfc-workshop-scene-packing/actions/**").permitAll()
                .antMatchers("/sfc-workshop-scene-packing/actions").permitAll()
                .antMatchers("/sfc-work-shop-post-process/actions/**").permitAll()
                .antMatchers("/sfc-work-shop-post-process/actions").permitAll()
                .antMatchers("/sfc-work-shop-extrusion/actions/**").permitAll()
                .antMatchers("/sfc-work-shop-extrusion/actions").permitAll()
                .antMatchers("/sfc/prod-batch/statistics-consume").permitAll()
                .antMatchers("/sfc/mfg-md/**").permitAll()
                .antMatchers("/sfc-work-shop-extrusion/box-reported").permitAll()
                .antMatchers("/sfc-work-shop-extrusion/mat-stock").permitAll()
                .antMatchers("/sfc-surface-treatment/lots/filter").permitAll()
                .antMatchers("/sfc/capp-mat-cad/**").permitAll()
                .antMatchers("/sfc-surface-treatment/lots").permitAll()
                .antMatchers("/sfc/test").permitAll()


                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/swagger-resources", "/swagger-resources/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/v2/api-docs/**").permitAll()
                .anyRequest().authenticated();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setClientId(clientId);
        remoteTokenServices.setClientSecret(clientSecret);
        remoteTokenServices.setCheckTokenEndpointUrl(oauth_check_token);
        resources.tokenServices(remoteTokenServices);
    }

}
